European Union: Cybersecurity requirements for "high-risk AI systems" in Regulation laying down harmonised rules on artificial intelligence (AI Act)

Progress

Current status

in grace period

02 Aug 2027 in force

02 Aug 2026 in force

01 Aug 2024 in grace period

21 May 2024 adopted

13 Mar 2024 under deliberation

09 Dec 2023 under deliberation

14 Jun 2023 under deliberation

11 May 2023 under deliberation

06 Dec 2022 under deliberation

21 Apr 2021 under deliberation

Scope

Implementers

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czechia

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Ireland

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

Policy Area

Authorisation, registration and licensing

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

ML and AI development

Government Branch

legislature

executive

Government Body

parliament

central government

Implementation Level

supranational

Timeline of events

02 Aug 2027

in force

Implemented AI Act including cybersecurity requirement for Article 6(1) "high-risk AI systems"

On 2 August 2027, the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) comes into effect for "high-risk AI systems" referred to in Article 6(1) of the Act. The Act specifies that high-risk AI systems m…

Source

Event type law

Action type implementation

Government branch legislature

Government body parliament

02 Aug 2026

in force

Implemented AI Act including cybersecurity requirement for Annex III "high-risk AI systems"

On 2 August 2026, the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) comes into effect for "high-risk AI systems" referred to in Annex III of the Act. The Act specifies that high-risk AI systems must…

Source

Event type law

Action type implementation

Government branch legislature

Government body parliament

01 Aug 2024

in grace period

Entry into force with grace period of AI Act including cybersecurity requirement for "high-risk AI systems"

On 1 August 2024, the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) enters into force, 20 days following its publication in the Official Journal, with a grace period on its implementation. The Act s…

Source

Event type law

Action type in force with grace period

Government branch legislature

Government body parliament

21 May 2024

adopted

Adopted AI Act including cybersecurity requirement for "high-risk AI systems" by Council

On 21 May 2024, the Council of the European Union adopted the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act). The Act specifies that high-risk AI systems must be designed in a way that achieves an ap…

Source

Event type law

Action type adoption

Government branch legislature

Government body parliament

13 Mar 2024

under deliberation

Passed AI Act including cybersecurity requirement for "high-risk AI systems" by EU Parliament

On 13 March 2024, the European Parliament passed the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act). The Act specifies that high-risk AI systems must be designed in a way that achieves an appropriat…

Source

Event type law

Action type passage

Government branch legislature

Government body parliament

09 Dec 2023

under deliberation

Reached Council and Parliament agreement on AI Act including cybersecurity requirement for "high-risk AI systems"

On 9 December 2023, the Parliament and the Council of the European Union adopted a provisional agreement on the proposal on harmonised rules on artificial intelligence (AI Act). The compromise agreement clarifies the definition of an AI system by a…

Source

Event type law

Action type passage

Government branch legislature

Government body parliament

14 Jun 2023

under deliberation

Adopted EU Parliament position AI Act including cybersecurity requirement for "high-risk AI systems"

On 14 May 2023, the European Parliament adopted its position on the Act on Harmonised Rules for Artificial Intelligence (AI Act), which includes cybersecurity requirements for so-called "high-risk AI systems" (Art.15). Specifically, high-risk AI sy…

Source

Event type law

Action type passage

Government branch legislature

Government body parliament

11 May 2023

under deliberation

Adopted LIBRE and IMCO's position on AI Act including cybersecurity requirement for "high-risk AI systems"

On 11 May 2023, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) and Internal Market and Consumer Protection Committee (IMCO) adopted their position on the Act on Harmonised Rules for Artificial Intelligence (AI …

Source

Event type law

Action type passage

Government branch legislature

Government body parliament

06 Dec 2022

under deliberation

Adopted Council general approach on AI Act including cybersecurity requirement for "high-risk AI systems"

On 6 December 2022, the Council of the European Union adopted its general approach on the Artificial Intelligence Act (AI Act), which includes cybersecurity requirements for so-called "high-risk AI systems" (Art.15). Specifically, high-risk AI syste…

Source

Event type law

Action type passage

Government branch executive

Government body central government

21 Apr 2021

under deliberation

Published AI regulation proposal including cybersecurity requirements for "high-risk" AI systems

On 21 April 2021, the European Commission proposed a regulation on a European approach to Artificial Intelligence, which includes cybersecurity requirements for so-called "high-risk AI systems" (Art.15). Specifically, high-risk AI systems must be de…

Source

Event type law

Action type introduction

Government branch executive

Government body central government

Progress

Scope

Timeline of events

Implemented AI Act including cybersecurity requirement for Article 6(1) "high-risk AI systems"

Implemented AI Act including cybersecurity requirement for Annex III "high-risk AI systems"

Entry into force with grace period of AI Act including cybersecurity requirement for "high-risk AI systems"

Adopted AI Act including cybersecurity requirement for "high-risk AI systems" by Council

Passed AI Act including cybersecurity requirement for "high-risk AI systems" by EU Parliament

Reached Council and Parliament agreement on AI Act including cybersecurity requirement for "high-risk AI systems"

Adopted EU Parliament position AI Act including cybersecurity requirement for "high-risk AI systems"

Adopted LIBRE and IMCO's position on AI Act including cybersecurity requirement for "high-risk AI systems"

Adopted Council general approach on AI Act including cybersecurity requirement for "high-risk AI systems"

Published AI regulation proposal including cybersecurity requirements for "high-risk" AI systems

Related changes

European Union: Monitoring requirements in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Testing requirements for "high-risk AI systems" in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Design requirements for "high-risk AI systems" in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Conformity assessment and business registration requirement for "high-risk AI systems" in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Data protection measures for "high-risk" AI systems in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Quality of service requirements for "high-risk" AI systems in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Establishment of an European Artificial Intelligence Board in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: Service access restriction on AI systems posing "unacceptable risk" in Regulation laying down harmonised rules on artificial intelligence (AI Act)

European Union: General-Purpose AI Code of Practice

European Union: European Commission guidance on use of artificial intelligence in finance

European Union: European Commission AI Pact

European Union: EDPB Statement 3/2024 on data protection authorities' role in the Artificial Intelligence Act framework

Austria: DSB Statement on Data Protection in the AI Act

Poland: Bill on designation of market surveillance authority and notifying authority under EU AI Act

Denmark: Order designating Danish Agency for Digitisation as AI Supervisory Authority under EU AI Act

European Union: European Commission Decision on the Establishment of the European AI Office

Spain: Royal Decree establishing Artificial Intelligence (AI) Sandbox Proposal to test requirements under the EU AI Act

European Union: EDPS opinion on the EU Artificial Intelligence Act

European Union: Standardisation request to the European Standardisation Organisations in support of safe and trustworthy artificial intelligence

European Union: Proposed ban of AI facial recognition in EDPB and EDPS joint opinion on the use of AI